openshift-applier: Allow for some method of only running portions of the inventory about casl-ansible HOT 4 CLOSED

This is a real challenge when maintain a source code repository with a team. What happens in practice is that people comment out sections of the inventory since its the easiest thing that works. That of course leads to all the nasty challenges associated with commented code.

I think a simple solution here is to provide a whitelist feature, which you can provide as variable when running the playbook. That whitelist can be a simple comma delimited list, and then the role would be enhanced to only run the objects in the inventory that are on the whitelist. This would give end users fine grain control of execution, without having to modify the inventory.

@InfoSec812 @oybed what do you guys think?

from casl-ansible.

I think that having a blacklist/whitelist feature would be valuable. I would suggest that we discuss at what level and how granularly to apply them though. Do we apply it at the object level, object:name level, or something else?

from casl-ansible.

@InfoSec812 @sherl0cks This requires some discussion as it's deviates from the original plan. I'll schedule a discussion with you guys and @etsauer (once he's back from PTO).

from casl-ansible.

@etsauer and I had a follow-up discussion tonight, and think this is a good idea overall. Eric proposed that we look to use a tag & filter strategy instead, as it allows for potential a better way of handling grouping (and more operators), so we'll work on an implementation for that. In essence, it's very similar to this whitelist strategy. However, considering that #102 changes the underlying structure quite a bit as well, we'll be closing out PR #93 and start working on the filter/tags strategy ASAP to get that working as soon as possible.

@InfoSec812 @sherl0cks ^^

from casl-ansible.